Sophos XDR: Major solution enhancements now available

Credit to Author: Sally Adam | Date: Mon, 20 Nov 2023 18:17:25 +0000

Sophos XDR provides powerful tools and threat intelligence that enable organizations to detect, investigate, and respond to suspicious activity before active adversaries can impact their systems. With over 40,000 customers already using our XDR capabilities to elevate their defenses, Sophos is an established global leader in extended detection and response.

We are delighted to announce several significant enhancements to Sophos XDR that further accelerate detection and response, including expanded technology integrations that leverage existing security investments and new tools and optimized workflows to investigate threats more efficiently.

Expanded third-party integrations

The more you see, the faster you can act. Sophos XDR users can now leverage telemetry from an even more extensive range of third-party (non-Sophos) security tools, enabling organizations to get more ROI from their existing technology investments while speeding up security operations.

The newly-expanded technology partner ecosystem integrations include identity, network, firewall, email, cloud, productivity, and endpoint security technologies. Endpoint and Microsoft integrations are included with Sophos XDR subscriptions at no additional cost.

With Sophos XDR, suspicious signals from both Sophos and non-Sophos products are ingested, filtered, correlated, and prioritized – allowing customers to see more value from their existing tools than XDR solutions that only use third-party telemetry to enrich endpoint detections.

Network Detection and Response (NDR) is now available for Sophos XDR

Sophos NDR (Network Detection and Response) continuously monitors network traffic to detect a wide range of security risks, including rogue devices, unprotected devices, insider threats, zero-day attacks, and threats involving IoT and OT devices.

Sophos NDR was introduced earlier this year as an optional add-on for the Sophos MDR (Managed Detection and Response) service, and we’re delighted to announce that Sophos NDR is now also available for Sophos XDR for organizations who manage their own detection and response activities.

New and improved case management capabilities

Sophos XDR automatically creates cases based on detections to help organizations prioritize their investigations. In addition to enhancing automatic case creation, new and improved case management capabilities help analysts better manage their investigation workload and collaborate with other team members more efficiently.

Key enhancements include:

  • Case Notebook. Analysts can easily document and organize their work as they progress through an investigation by logging observations and findings and adding media for additional context.
  • Activity Log. A detailed record of activity for each case allows analysts to easily see actions that other team members have taken as part of an investigation.
  • Case Summary. Analysts can now enter a brief synopsis of each case, enabling their team to see a concise overview of investigations at a glance.
  • Enhanced MITRE ATT&CK Framework mapping. Sophos XDR automatically maps detections to MITRE ATT&CK Tactics, enabling analysts to identify potential gaps in defenses and prioritize improvements. In this release, MITRE Framework mappings are now collated across all detections within a single case, with more detailed information on the tactics, techniques, and procedures (TTPs) involved.
  • Coming Soon: New analyst response actions. Using the new XDR case management toolset, analysts can now contain potential threats with the click of a button. New analyst response actions will help organizations accelerate threat containment via Sophos’ XDR-integrated products and via new third-party technology integrations. For example, using the new integration with Okta, analysts can quickly and easily suspend users, clear user sessions, and expire user passwords, all from the Sophos XDR platform.

New Detections user experience

Sophos XDR identifies suspicious activities that need immediate attention, automatically prioritizing detections across multiple attack surfaces based on risk.

The user experience for Detections has been redesigned in Sophos XDR, providing a clear view of the most critical data at a glance, with convenient access to enrichment pivots and actions to accelerate investigations.

New simplified (SQL-less) XDR search

Investigate and hunt threats at speed. The new XDR search tool enables analysts to quickly find specific data in the Sophos data lake by searching for indicators of compromise and other data such as IP addresses or usernames.

An intuitive search builder, plus free-text and prompted-Lucene options, enables users of all skill levels to find the data they need faster without SQL expertise!

Recognized by industry experts and customers

Sophos XDR continues to garner high praise from customers and industry experts for superior detection, investigation, and response capabilities.

Sophos is one of only ten vendors recognized in the 2023 Gartner Market Guide for XDR, was named a Leader in the G2 Grid for XDR, earned the position as the sole leader in Omdia’s vendor comparison for Comprehensive XDR, and delivered exceptional results in the 2023 MITRE Engenuity ATT&CK Evaluations (Round 5: Turla).

Elevate your defenses against active adversaries

To learn more and explore how Sophos XDR can help your organization better defend against active adversaries, speak with a Sophos adviser or your Sophos partner today.

You can also take it for a test drive in your own environment with a no-obligation 30-day free trial – available from our website or (for existing Sophos customers) directly within the Sophos Central console in just a couple of clicks.